privacyprof writes: This short article, Privacy Self-Management and the Consent Dilemma, 126 Harvard Law Review 1880 (2013), argues that the current regulatory approach for protecting privacy relies too heavily on “privacy self-management” – providing people with a set of rights to enable them to decide how to weigh the costs and benefits of the collection, use, or disclosure of their information. Empirical and social science research has undermined key assumptions about how people make decisions regarding their data. People cannot appropriately self-manage their privacy due to a series of structural problems. There are too many entities collecting and using personal data to make it feasible for people to manage their privacy separately with each entity. Moreover, many privacy harms are the result of an aggregation of pieces of data over a period of time by different entities. It is virtually impossible for people to weigh the costs and benefits of revealing information or permitting its use or transfer without an understanding of the potential downstream uses. Privacy self-management addresses privacy in a series of isolated transactions guided by particular individuals. Privacy costs and benefits, however, are more appropriately assessed cumulatively and holistically — not merely at the individual level.